Blog

• Gambling News

Spanish Man Uses Online Gambling App Bug to Steal Nearly $500K

Some iGaming operators might need to pay close attention to their development staff and financial audit procedures. One of its users in Spain took advantage of a flaw in the operator's app to make off with almost $500,000 there.
Members of Spain's Civil Guard have exposed a con artist who took advantage of a security hole in an unnamed online betting application. Computer forensic experts with the Civil Guard's unit in the city of Algeciras detained a person they believe stole more than €450,000 (US$488,610) through the gaming platform as part of an ongoing police investigation known as "Operation Diacero."

In honor of the name of the zero-day vulnerability, the operation was given the name Diacero (a combination of the Spanish words for zero and day). This is a term for bugs or glitches that have been uncovered but for which the developers haven’t yet created a solution or installed a patch to correct the issue.

Outperforming the System

The chain of events started when the gaming operator noticed a pattern of unusual withdrawals of bet winnings from a gambling establishment in the town of Los Barrios, Andalusia, in southern Spain.

The offender apparently had no idea that every time he did something, it was being recorded on security cameras inside the building. Local law enforcement could identify him and his activities with the help of that.

Through the zero-day exploit, he made over 650 withdrawals totaling about €700 (US$759) each. Although the Civil Guard did not specify how long the activity lasted, it is likely that the property should have become aware of his actions sooner than it did.

Authorities want to learn how the man found the bug and whether other apps might be affected by it because there are still a lot of unanswered questions regarding the scheme.

The Civil Guard is still delving into the details of the scheme as part of the ongoing investigation. They are looking to see if there are any connections to other entities that might be using a similar strategy. Therefore, additional arrests may occur over the next few days.

Online gamblers are simple targets

Consumers now have more entertainment options, and governments are earning more money thanks to the online gaming industry's recent rapid growth. Nevertheless, this surge in popularity has also sparked the interest of cybercriminals who seek to exploit its weaknesses.

The gaming industry is a desirable and reachable target for many dishonest actors due to a number of factors. Users frequently have to provide their banking information when using online channels to make deposits and withdrawals. This presents valuable information that may be used in cases of ATO (account takeover) or data breaches.

Gambling establishments are frequently targeted by opponents of gambling on political and moral grounds. The operators frequently come under attack from a flurry of evil deeds, like DDoS (dedicated denial of service) attacks or DNS spoofing (changing domain name system registrations to direct internet users to other websites). These are created by criminals or people who support governments that forbid gambling, as in the case of China.